Tip: Train staff on these key HIPAA security points now
HIPAA Weekly Advisor, August 1, 2003
Organizations have until 2005 to comply with the security rule's training requirement, but you must address some important issues now.
The privacy rule requires organizations to safeguard patient information, and the security rule outlines how to appropriately do so, says William Miaoulis, CISA, principal at Phoenix Health Systems, in Montgomery Village, MD. And the privacy rule's April 14 compliance date has passed. "But protecting PHI is good business practice, not just for the regulations," he says.
Miaoulis lists the following six points to communicate to staff now:
1. Select secure passwords
In many cases, staff members make up their own passwords. Having them do so will not only help employees remember their passwords, it will also eliminate the chances that a system administrator could use an employee's account to access information, says Miaoulis.
"The fallacy is that people don't select good passwords," he says. "We typically only tell [staff] how not to select passwords." But not only do you need to train them to make sure passwords are kept confidential, you also need to train them on how to choose a good password, he says.
"No password is perfect, but there are techniques that staff can use to help them have better passwords," says Miaoulis. He offers the following two methods for creating secure passwords:
"Remember a phrase and use the first letter of each word," says Miaoulis. "And you should always add a special character and a number. Now, you will have a password that will not show up in a dictionary, which a lot of password-cracking programs use."
An example would be using the phrase "I grew up at 522 Main Street" to come up with the password "IGU@522MS". "It's going to be pretty tough for someone else to guess that," says Miaoulis. A lot of people also use verses from their favorite song or titles of their favorite books, he says.
Another method for creating passwords is to combine pieces of a few words, says Miaoulis. As with the phrase method, it is then important to add a special character and a number. "Happy New Year" could become "hapneye#3", he says.
Go to http://www.himinfo.com/news/tip/ for more tips.